
This is somewhat unrelated, but what's the general consensus on the security of EC2 for very sensitive computation?

For example, I have a client who has some algorithms and data that are potentially quite valuable. EC2 and other AWS services would be a huge help with their project, but is there any way measures could be taken to ensure that no one - even Amazon employees - can get to their code and data?

Edit: devicenull makes some good points - I guess I had the CIA's $600 million AWS contract in my head when asking my question.




There's no need to wonder about these things. Check out the AWS Security Center at http://aws.amazon.com/security/ to get the facts. At that address you will find a very detailed (39 page) Security White Paper.


No. You don't control the execution environment, so if it's really that valuable it can't be trusted.

After all, you cannot stop someone from taking a full snapshot of the VM and grabbing all the information. Encryption is no help here, as the VM ultimately needs to store the key in memory.

If it's really that valuable (lots of companies seem to overestimate how much people would want to steal their data), then it really should never leave hardware under their control.


I have never heard anyone complain about a company taking infosec too seriously, let alone lots of companies.

Dude, my bank/email-host/health-insurer is teh suk. They overestimate the value of data confidentiality. I hope this does not become a new trend. I expect the companies that I deal with to play fast and loose with the data they control. Encrypting Data at rest? C'mon bro, if the data is so important why is it just sitting there with nobody using it.


Sure you have.

https://twitter.com/AlanHungover/status/393822237926903808

Users complain all the time about being required to change their password every week to something unmemorable because of crazy complexity requirements.

Security is a tradeoff with usability.


That's all about regulatory risk, SOX, HIPAA, GLBA, etc. Let's be honest, it is a "complaint" about a password policy, at best a means to an end. Unless you read that as a complaint about the motivation, because I did not.

I can't stand this "Security is a tradeoff with usability" line. It is not. When you lock the airplane lavatory door and the light turns on, what is the tradeoff? As far as I am concerned, Acme Bank's website is unusable if anyone can log in as me. How usable are your funds if anyone can transfer them out of your control?


I'd be OK with uploading sensitive data onto S3, as long as it's properly encrypted, but with EC2 I guess you can never tell.



